crypto: qat - fix memory leak in RSA
authorGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Mon, 9 May 2022 13:34:11 +0000 (14:34 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 29 Jul 2022 15:25:28 +0000 (17:25 +0200)
[ Upstream commit 80a52e1ee7757b742f96bfb0d58f0c14eb6583d0 ]

When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is
used, some components of the private key persist even after the TFM is
released.
Replace the explicit calls to free the buffers in qat_rsa_exit_tfm()
with a call to qat_rsa_clear_ctx() which frees all buffers referenced in
the TFM context.

Cc: stable@vger.kernel.org
Fixes: 879f77e9071f ("crypto: qat - Add RSA CRT mode")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/crypto/qat/qat_common/qat_asym_algs.c

index ff7249c093c9b9fed478f94d12f55ffda83a2c9d..2bc02c75398ef18e1bbf32c07f3ea6b335b7e7cd 100644 (file)
@@ -1257,18 +1257,8 @@ static void qat_rsa_exit_tfm(struct crypto_akcipher *tfm)
        struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
        struct device *dev = &GET_DEV(ctx->inst->accel_dev);
 
-       if (ctx->n)
-               dma_free_coherent(dev, ctx->key_sz, ctx->n, ctx->dma_n);
-       if (ctx->e)
-               dma_free_coherent(dev, ctx->key_sz, ctx->e, ctx->dma_e);
-       if (ctx->d) {
-               memset(ctx->d, '\0', ctx->key_sz);
-               dma_free_coherent(dev, ctx->key_sz, ctx->d, ctx->dma_d);
-       }
+       qat_rsa_clear_ctx(dev, ctx);
        qat_crypto_put_instance(ctx->inst);
-       ctx->n = NULL;
-       ctx->e = NULL;
-       ctx->d = NULL;
 }
 
 static struct akcipher_alg rsa = {